Hello everyone, I have a question regarding relayd(8) in OpenBSD 5.3.
I was playing a little with relayd as a transparent proxy with URL
filtering using this relayd.conf:

    http protocol httpfilter {
        # Return HTML error pages
        return error
        header change "Connection" to "close"
        # Block requests to unwanted hosts
        request url filter file "/etc/blacklist.txt"
    }

    relay httpproxy {
        listen on 127.0.0.1 port 8080
        protocol "httpfilter"
        forward to destination
    }

Then I've added this line to my pf.conf:

    pass quick inet proto tcp to port http divert-to 127.0.0.1 port 8080

So far everything is working fine: pf redirects all the HTTP traffic on
the standard TCP port and relayd takes care of the rest, filtering out
anything I place in /etc/blacklist.txt.
Is it possible to do so for HTTPS connections too? I've found a lot of
tutorials/documentation aiming at SSL acceleration but none about a
transparent SSL proxy. As far as I know "forward to destination" doesn't
have an ssl option like "forward with ssl to $address".
I fear I am looking at the problem from the wrong side, so I've
decided to ask for advice before messing with the conf files and/or
looking at the source code of relayd.
Thanks for your time,
Gianfranco Gallizia